DNS packets are transmitted from the user's computer to the DNS server and vice versa, ensuring the correct mapping of the site's domain address and its IP address. You can intercept and analyze these packets using special programs.
You will need
The Wireshark program
Instructions
Step 1
When a user types the domain name of a resource in the browser, information about it is sent to the DNS server via UDP. The server searches its database for an IP address corresponding to the domain, finds it and returns it to the browser. The browser then connects to the found IP address. Thus, the DNS server acts as a kind of address bureau, providing a mapping of domains and IP addresses.
Step 2
This scheme has one drawback: it is quite vulnerable. A DNS packet has rather weak means of identification compared with a TCP packet, which means that such a packet can be replaced by another. As a result, an unsuspecting user types one address and ends up at a completely different one. Knowing how interception works lets you take measures to counter it and makes your use of the Internet more secure.
Step 3
Since it is illegal to intercept and analyze other people's DNS packets, it is best to practice on your own computer. To analyze traffic you need Wireshark, which you can download from the developer's website. After downloading the program, install it and run it. In the menu, find the item Capture - Interfaces. A window will appear with information about your network card. Tick the checkbox on the left and click the Start button.
Step 4
You have started analyzing network traffic. Open your browser and go to any address. In the Wireshark window, you will see a list of all packets with their protocols. For convenience, the lines are highlighted in different colors. DNS packets will be marked in blue. Click the line of any packet: information about it will appear at the bottom of the screen, along with its contents in hexadecimal. You can analyze this packet, modify it, add to it, and so on. To stop traffic analysis, open Capture - Interfaces again and click the Stop button.
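The weak identification described in Step 2 can be seen in the bytes Wireshark shows in Step 4. The following is an added example, not part of the original instructions: it decodes the DNS header and question and checks whether a reply echoes the transaction ID and question of the query it claims to answer. All function names and sample messages are constructed for illustration.

```python
import struct

def build_message(txid, name, response=False):
    """Build a minimal DNS message with one A/IN question (constructed sample)."""
    flags = 0x8180 if response else 0x0100
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def parse_message(data):
    """Decode the 12-byte header and the first question of a DNS message."""
    if len(data) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!6H", data[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated name")
        length = data[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(data):
            raise ValueError("bad label")
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(data):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", data[pos:pos + 4])
    return {"id": txid, "is_response": bool(flags & 0x8000), "answers": ancount,
            "name": ".".join(labels).lower(), "qtype": qtype, "qclass": qclass}

def reply_matches(query, reply):
    """True only if reply is a response that echoes the query's ID and question."""
    try:
        q, r = parse_message(query), parse_message(reply)
    except ValueError:
        return False
    return r["is_response"] and all(q[k] == r[k] for k in ("id", "name", "qtype", "qclass"))

# Constructed sample messages (not captured traffic).
QUERY = build_message(0x1A2B, "example.com")
GOOD_REPLY = build_message(0x1A2B, "example.com", response=True)
WRONG_ID = build_message(0x1A2C, "example.com", response=True)
WRONG_NAME = build_message(0x1A2B, "example.net", response=True)

if __name__ == "__main__":
    for label, msg in [("good", GOOD_REPLY), ("wrong id", WRONG_ID), ("wrong name", WRONG_NAME)]:
        print(label, reply_matches(QUERY, msg))
```

The transaction ID is only 16 bits, and together with the question and the UDP address and port pair it is all that ties a reply to its query, which is why a reply that fails this check should be discarded.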